Showing posts with label viruses. Show all posts
Showing posts with label viruses. Show all posts

16 December 2011

People in Glasshouses (With Windows) Shouldn't Throw Stones

It's no secret that Windows Phone is struggling desperately in the battle against the smartphone leaders, iPhone and Android. And desperate times demand desperate measures; but even so, this move by Microsoft is pretty extraordinary:

On Open Enterprise blog.

04 March 2011

Malware at the Heart of the BBC's Decline

Anyone who has been following me on Twitter or identi.ca will have noticed that I have a bee in my bonnet - actually, make that a Beeb in my bonnet - about the BBC.

In fact, I have several - including the fact that I really want it to be the best broadcasting organisation in the world, as it once was. But my other bee/Beeb is that its journalistic standards in the few areas where I can claim some knowledge are pretty woeful.

This is seen nowhere more clearly than in its coverage of malware.

To read the reports on the BBC website (I don't watch UK television, so I've no idea what happens there, but suspect it's just as bad), you'd think that malware were some universal affliction, an unavoidable ill like death and taxes. Rarely does the BBC trouble its readers' pretty little heads with the tiresome fact that the overwhelming majority of viruses and trojans affect one operating system, and one operating system only: Microsoft Windows.

To see this, try the following experiment. Search on the BBC news site for "microsoft windows virus" or "microsoft windows trojan" or "microsoft windows malware", and you'll get a few dozen hits, not all of which refer to Microsoft malware.

But try the same searches without the words "microsoft windows", and you will get many more hits every year (try "computer malware", for example), very few of which mention that such malware is almost exclusively for Microsoft's platform.

That sin of omission has now been matched by an equally telling sin of commission. For hot on the heels of the first serious Android viruses, we have a report on BBC news spelling out the terrible facts:

More than 50 applications available via the official Android Marketplace have been found to contain a virus.

Analysis suggests that the booby-trapped apps may have been downloaded up to 200,000 times.

The malicious apps were copies of existing applications, such as games, that had been repackaged to include the virus code.

Fifty applications, can you believe it? Terrifying stuff. And downloaded no less than 200,000 times...shocking.

Of course, the fact that back in 2007

Symantec detected more than 711,912 novel threats which brings the total number of malicious [Microsoft Windows] programs that the security firm's anti-virus programs detect to 1,122,311.

as reported by the BBC in one of its rare balanced pieces on the subject, rather puts those 50 Android programs in context. Similarly, if you consider how many *billions* of times all those Windows viruses have been downloaded over the years, the 200,000 Android downloads pale into insignificance. And yet the BBC chooses not to provide any of that background information.

And it hasn't finished there. Not content with reporting on the Android virus without providing any context, the BBC article then goes on to trash - guess what? - yes, Android's open approach, via this quotation:

"This greater openness of the developer environment has been argued to foster an atmosphere of creativity," he wrote, "but as Facebook have already discovered it is also a very attractive criminal playground."

Again, the missing context is that the *closed* world of Windows has not only provided a rather larger and more attractive "criminal playground", but has caused tens of billions of dollars of economic damage every year according to one estimate. Rather more than just a playground for criminals, one might say - an entire global industry.

All-in-all, this is extraordinarily poor journalism from the BBC, and something that would never have been tolerated when it was at the height of its reputation. What's really sad is that the latest one-sided reporting of the Android viruses suggests that far from getting better, things are getting even worse in this particular area. That is truly a great loss for not just the BBC but for all of its long-time supporters (like me) who would like to see it flourish in the digital age, not shrivel into irrelevance.

Follow me @glynmoody on Twitter or identi.ca.

10 February 2010

Is Microsoft Exploiting the Innocent?

I'd never heard of the UK government's Child Exploitation and Online Protection Centre (CEOP), but that's not surprising, since I'm allergic to organisations whose approach is "truly holistic" as CEOP brightly claims. But as well as being susceptible to embarrassing cliches, it seems that the outfit is naive, too.

For, as part of the "Safer Internet Day", CEOP is promoting Internet Explorer 8 on its front page. And what exactly does this famous panacea for all human ills offer in this context? Well:

Download the 'Click CEOP' button into your browser toolbar to provide instant access to internet safety information for children and parents.

Of course, it's rather a pity that to access the information you have to use Internet Explorer 8, scion of a family of browsers that has probably done more than any other software to expose young people to harm on the Internet through woeful security that allows viruses and trojans to be downloaded so easily - one still riddled with flaws.

Strange, then, that CEOP didn't offer a much better way of protecting vulnerable users by suggesting that they switch to a safer browser; it doesn't even offer that same instant access to safety information for Firefox users, thus encouraging people to use IE8 if they want to see it. Moreover, it does this by providing - oh irony of ironies - a link to a .exe file to download and run, the very thing you should be teaching young people *not* to do.

It couldn't be that the young and innocent Child Exploitation and Online Protection Centre has allowed itself to be, er, exploited by that wily old Microsoft here, could it?

Follow me @glynmoody on Twitter or identi.ca.

26 August 2009

'Foreign Policy' Should Stick to its Home Turf

Foreign Policy has published some good features; this isn't one of them:

Although the newest oil rigs, which cost upward of $1 billion apiece, might be loaded with cutting-edge robotics technology, the software that controls a rig's basic functions is anything but. Most rely on the decades-old supervisory control and data acquisition (SCADA) software, written in an era when the "open source" tag was more important than security, said Jeff Vail, a former counterterrorism and intelligence analyst with the U.S. Interior Department. "It's underappreciated how vulnerable some of these systems are," he said. "It is possible, if you really understood them, to cause catastrophic damage by causing safety systems to fail."

Sorry, old chap, but "open source" and "security" are orthogonal, independent axes. And this, from the same article:

"The worst-case scenario, of course, is that a hacker will break in and take over control of the whole platform," Jaatun said. That hasn't happened yet, but computer viruses have caused personnel injuries and production losses on North Sea platforms, he noted.

suggests we're talking about *Windows* systems, not "open source". So, pretty much 100% wrong. (Via @cdaffara.)

Follow me @glynmoody on Twitter or identi.ca.

09 December 2008

*Not* the Facebook Virus

Facebook's 120 million users are being targeted by a virus designed to get hold of sensitive information like credit card details.

'Koobface' spreads by sending a message to people's inboxes, pretending to be from a Facebook friend.

It says "you look funny in this new video" or "you look just awesome in this new video".

By clicking on the link provided they're then asked to watch a "secret video by Tom".

When users try and play the video they're asked to download the latest version of Adobe Flash Player.

If they do, that's when the virus takes hold and attacks the computer.

But only, of course, if they're stupid enough to use Windows (which the story - once again - somehow fails to mention.) Oh, and BTW, it's a worm, not a virus.

Sigh.

Update: At least Charles gets it right.

03 December 2008

The Great Virus Con-Trick

I'm glad I'm not the only one to have cottoned on to this strange phenomenon:

Ever notice how Microsoft plasters the Windows name on everything it can reach? Splash screens, stickers on computers, and advertising everywhere. There is no escaping it. Except when it's yet another malware outbreak-- then all the news organizations go inexplicably deaf, dumb, and blind, as this latest story demonstrates

The thing is, news outlets practically never mention that these scary big virus outbreaks are *Windows" viruses, as if viruses were some abstract entity.

The tech press goes berserk at every utterance from Steve Ballmer and Bill Gates, and every word emitted by the Redmond PR machine is dutifully repeated and canonized. Except in stories like these. The article is brief and doesn't give much information, and it links to two other lengthier news stories that are just as befuddled.

Only they're not befuddled-- it looks to me like they are deliberately not saying that the affected systems are Windows systems. Check out this clever phrasing:

"Our military is dependent upon commodity desktops whose software shares an enormous amount of DNA with systems that sit on every workplace in the planet."

Now who do you suppose they are referring to? Apple? Ubuntu? AmigaOS? Solaris? FreeBSD?

Quite.

19 November 2008

(Sigh): Another BBC Ad for Microsoft

I suppose I should expect this now:

In a surprise move, Microsoft has announced it will offer a free anti-virus and security solution from the second half of next year.

...


Amy Barzdukas, senior director of product management in the online services division at Microsoft, said: "This new, no-cost offering will give us the ability to protect an even greater number of consumers, especially in markets where the growth of new PC purchases is outpaced only by the growth of malware."

Ah, bless 'em.

Of course, this move couldn't possibly have anything to do with the fact that the security of Windows is so poor as to make the operating system unusable without this kind of anti-virus crutch. Well, that's certainly the impression you get from benign old Auntie.

As usual, Mike Masnick gets it in one. His headline? "Microsoft Realizes No One Wants To Pay Microsoft To Fix Its Own Security Flaws."

08 October 2008

Windows XP Ultraportables - Free Virus Included

Yet another reason to buy the GNU/Linux version:


Asus has admitted that some of the its Eee Box desktop mini PCs have shipped with a virus.

But while the company has only admitted the infection was present in machines shipped to Japan, Register Hardware can confirm that other territories may be affected too.

According to an email sent out by Asus, PC Advisor reports, the Eee Box's 80GB hard drive has the recycled.exe virus files hidden in the drive's D: partition. When the drive is opened, the virus activates and attempts to infect the C: drive and an removable drives connected to the system.

According to Symantec, the malware is likely to be the W32/Usbalex worm, which creates an autorun.inf file to trigger recycled.exe from D:.

27 August 2008

When Will They Ever Learn...?

...not to use Windows:

A computer virus is alive and well on the International Space Station (ISS).

Nasa has confirmed that laptops carried to the ISS in July were infected with a virus known as Gammima.AG.

The worm was first detected on earth in August 2007 and lurks on infected machines waiting to steal login names for popular online games.

13 December 2007

Darwinian Selection, Where Are You?

As I've pointed out many times, Darwinian selection lies at the heart of much of openness's success. So this is really, really bad news:

Imagine if we threw money at record labels, in the hopes that they'd publish better music. What do you think would happen?

Unfortunately, that's exactly what the Fed's doing with the financial system. But throwing liquidity into a rotten system is just giving the virus new stuff to infect, consume, and decay.

Oh dear.

09 September 2007

Firefox Hit 400 Million Downloads

This is worth quoting at length:

On November 9th, 2004, you all started a movement. Spread Firefox, supported by tens of thousands of contributors, took just 99 days to deliver 25 million downloads of Firefox to a world of people desperate for a better Web -- a Web that didn't overwhelm them with pop-ups, a Web that didn't infect their systems with viruses and spyware, a Web that was fun again, simply put, a Web that worked.

In less than six months, you all doubled that number to 50 million downloads, turned open source into a household word and reasserted the supremacy of choice and simplicity.

It took the Spread Firefox global community of activists only one year to reach the 100 million downloads mark and to let the world know that innovation was alive again on the Web.

And just one year ago you all helped to double that number again, to 200 million downloads. More than 50,000 of you, with Spread Firefox buttons and banners, not only helped Firefox achieve an amazing download milestone, but you all helped to make Firefox one of the world's most recognized and respected brands.

Today, you all have done it once again. With your amazing efforts, Firefox has reached 400 million downloads and demonstrated that not even the world's most powerful companies can keep people from a better, safer, and faster Web experience. You all, the grass roots and the heart of the Firefox movement, have helped hundreds of millions of people find that better, safer, and faster Web.

Even though these are downloads, not installed versions, it's still important to note that the rate at which people are trying out or upgrading Firefox is accelerating: 100 million in one year, 200 million in two years, but 400 million in three years. It will be interesting - and indicative - to see what happens in a year's time.

08 August 2007

On the Necessity of Open Access and Open Data

One of the great things about open source is its transparency: you can't easily hide viruses or trojans, nor can you simply filch code from other people, as you can with closed source. Indeed, the accusations made from time to time that open source contains "stolen" code from other programs is deeply ironic, since it's almost certainly proprietary, closed software that has bits of thievery hidden deep within its digital bowels.

The same is true of open access and open data: when everything is out in the open, it is much easier to detect plagiarism or outright fraud. Equally, making it hard for people to access online, searchable text, or the underlying data by placing restrictions on its distribution reduces the number of people checking it and hence the likelihood that anyone will notice if something is amiss.

A nicely-researched piece on Ars Technica provides a clear demonstration of this:

Despite the danger represented by research fraud, instances of manufactured data and other unethical behavior have produced a steady stream of scandal and retractions within the scientific community. This point has been driven home by the recent retraction of a paper published in the journal Science and the recognition of a few individuals engaged in dozens of acts of plagiarism in physics journals.

By contrast, in the case of arXiv's preprint holdings, catching this stuff is relatively easy thanks to its open, online nature:

Computer algorithms to detect duplications of text have already proven successful at detecting plagiarism in papers in the physical sciences. The arXiv now uses similar software to scan all submissions for signs of plagiarized text. As this report was being prepared, the publishing service Crossref announced that it would begin a pilot program to index the contents of the journals produced by a number of academic publishers in order to expose them for the verification of originality. Thus, catching plagiarism early should be getting increasingly easy for the academic world.

Note, though, that open access allows *anyone* to check for plagiarism, not just the "authorised" keepers of the copyrighted academic flame.

Similarly, open data means anyone can take a peek, poke around and pick out problems:

How did Dr. Deb manage to create the impression that he had generated a solid data set? Roberts suggests that a number of factors were at play. Several aspects of the experiments allowed Deb to work largely alone. The mouse facility was in a separate building, and "catching a mouse embryo at the three-cell stage had him in from midnight until dawn," Dr. Roberts noted. Deb was also on his second post-doc position, a time where it was essential for him to develop the ability to work independently. The nature of the data itself lent it to manipulation. The raw data for these experiments consisted of a number of independent grayscale images that are normally assigned colors and merged (typically in Photoshop) prior to analysis.

Again, if the "raw data" were available to all, as good open notebook science dictates that they should be, any manipulation could be detected more readily.

Interestingly, this is not something that traditional "closed source" publishing can ever match using half-hearted fudges or temporary fixes, just as closed source programs can never match open ones for transparency. There is simply no substitute for openness.

27 October 2006

Viral Evolution

As a big fan of the explanatory power of Darwinian evolution - which, for those still concerned about its "theoretical" status, is basically just maths - I have to say I'm impressed by this story:

SpamThru takes the game to a new level, actually using an anti-virus engine against potential rivals.

Of course, this is precisely the same strategy that baby cuckoos use. Self-standing, evolving computer viruses living across the Net are getting ever closer....

31 May 2006

Shock! Horror! Macro Viruses for OSS

This explains why macros are generally a bad thing to use in word processors or spreadsheets (yes, I know they can be useful, too). It is also a warning to OSS activists not to hit the "OSS is immune to viruses" button: it may be true now, but it sure won't be in the future as OSS enters the mainstream. (Via LWN.net).

19 May 2006

More Ineffable Microsoft FUD

It's always fun to track Microsoft's latest contortions when it comes to open source. I've described its past efforts elsewhere, and here's the latest:

Some people want to use community-based software, and they get value out of sharing with other people in the community. Other people want the reliability and the dependability that comes from a commercial software model.

Rather below par, I'd say: Microsoft reliable, dependable? As in reliably bug-ridden and dependably vulnerable to viruses?